China's Payback for US Hacker Indictments Begins

The fallout from U.S. indictments against Chinese hackers is just beginning. "You'll probably see economic repercussions of one sort or another," said GWU's Frank Cilluffo. "Whether this was just the first shoe and there are others to drop, I'm not sure, but it will make what is already a complex and vexing market even more so for U.S. and other companies doing business in China."

The Department of Justice last week unsealed indictments against five members of the Chinese military who were accused of hacking into the computer systems of U.S. companies to steal everything from trade secrets to confidential corporate correspondence.

China's initial response was to deny any wrongdoing and charge that the United States had hacked into the systems of Chinese companies for purposes of espionage -- but Beijing wasn't finished there.

Shortly after the indictments were handed down, China announced that its government agencies, which have been standardized on Microsoft Windows, would not be upgrading to the latest version of that operating system. The move was to ensure security going forward, the Central Government Procurement Center said, because Microsoft had stopped supporting a version of the OS, Windows XP, still widely used in China.

However, the timing of the move raised questions.

"I don't think it's coincidence. I think they were looking for ways to respond, and this was an issue that they'd been struggling with for some time because they invested heavily in XP," Frank Cilluffo, director of George Washington University's Homeland Security Policy Institute, told TechNewsWorld.

"It is ironic in some ways that they're threatening not to buy, since a good chunk of XP in China is pirated to begin with," he added.

Appeasing Business

Following the Windows move, China announced it would be adopting new rules to assess potential security problems "related to national security and the public interest." China has been considering such rules for a while, but once again, the timing of this move also seems linked to the U.S. indictments.

China's moves last week are likely to be just the beginning of the fallout.

"You'll probably see economic repercussions of one sort or another," Cilluffo said. "Whether this was just the first shoe and there are others to drop, I'm not sure, but it will make what is already a complex and vexing market even more so for U.S. and other companies doing business in China."

There are those who doubt the U.S. will be willing to do what must be done to stop Chinese pilfering of the country's corporate systems, however.

"I am skeptical that the [U.S. Government] will in fact continue to ratchet up the stakes to a degree that will make it irrational for China to continue on its current course, because doing so can quickly become very costly to many U.S. interests, and because China's bounty from cybertheft is so great that it can absorb quite a lot of USG retaliation in any event," wrote Harvard Law School professor Jack Goldsmith in his Lawfare blog.

"In this light," he continued, "an alternate interpretation of yesterday's events is that the USG is simply trying to get corporate America off its back by showing that it is doing something about China's corporate cyber-snooping, and that it has no intention of raising the stakes of public confrontation beyond unenforceable indictments."

Curtain Lowered on Blackshades

Chinese hackers weren't the only targets of law enforcement last week. A coordinated effort by cops in 18 countries rounded up more than 100 people connected to a versatile piece of malware called "Blackshades."

The malicious app, which can be purchased for as little as US$40, is a Remote Access Trojan that's designed to give hackers control over another person's computer. Since September 2010, the program has generated an estimated $350,000 for its salespersons, according to the FBI.

The malware has gained popularity for a number of reasons.

"What stands out about Blackshades is just how easy it is to use and deploy," Alex Watson, director of security research at Websense, told TechNewsWorld.

"It has more features for an attacker than your typical remote administration tool, but fewer features than the RATs used in targeted attacks," he explained. "It can activate a webcam, steal files and has a limited ability to move laterally through a network by exploiting other hosts."

However, since Blackshades is so simple to use, it doesn't cover its tracks very well.

"Since there is very little skill required to run the software, the attackers often leave themselves exposed in many ways, considerably more so than some of the more advanced APT-style adversaries," Greg Foss, a senior security research engineer with LogRhythm, told TechNewsWorld.

"The beaconing alone is incredibly loud and will be detected by default rules within a majority of commercial grade firewalls and SIEM tools," he noted.

In addition, user intervention is needed to get the malware into a machine. "Even if they are able to get the executable on the target's system, any antivirus software will flag and remove this malware, as it is so well known at this point, even when packed," Foss added.

Breach Diary

May 19. U.S. Justice Department announces indictments against five members of the Chinese military for cyberespionage on U.S. companies.

May 19. FBI announces roundup of more than 100 people worldwide connected to distribution and use of the Blackshades Remote Access Trojan.

May 20. Extensible Messaging and Presence Protocol (XMPP, formerly Jabber) announces more than 70 messaging services using the technology have begun protecting their chats with TLS encryption.

May 21. eBay reports security breach and urges all its users to change their existing passwords.

May 21. U.S. District Judge Richard Jones issues order thwarting attempt by FBI to suppress documents relating to National Security Letter demanding information on one of Microsoft's enterprise customers.

May 21. Avast releases findings from survey conducted with 268,000 online respondents showing three out of four people were not aware of the Heartbleed vulnerability, which affected millions of websites and mobile devices.

May 21. Michaels stores, which suffered data breach compromising information on some three million customers, reports 22 percent increase in profits.

May 22. Cyberthreat intelligence company IntelCrawler reports Nemanja botnet has infected almost 1,500 point-of-sale terminals and other retail systems in 36 countries.

May 23. Facebook announces new tool to help its users better manage their privacy.

May 23. South Korea's Electronics and Telecommunications Research Institute announces it has developed a chip that can protect authentication and personal information on smartphones from attack by cybercriminals.

Upcoming Security Events

June 3. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.

June 24. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.